CVSS: 8.1EPSS: 0%CPEs: 6EXPL: 0CVE-2022-22592 – webkitgtk: Processing maliciously crafted web content may prevent Content Security Policy from being enforced
https://notcve.org/view.php?id=CVE-2022-22592
31 Jan 2022 — A logic issue was addressed with improved state management. This issue is fixed in iOS 15.3 and iPadOS 15.3, watchOS 8.4, tvOS 15.3, Safari 15.3, macOS Monterey 12.2. Processing maliciously crafted web content may prevent Content Security Policy from being enforced. Se abordó un problema de lógica con una administración de estados mejorada. Este problema es corregido en iOS versión 15.3 y iPadOS versión 15.3, watchOS versión 8.4, tvOS versión 15.3, Safari versión 15.3, macOS Monterey versión 12.2. • https://security.gentoo.org/glsa/202208-39 • CWE-1021: Improper Restriction of Rendered UI Layers or Frames •
CVSS: 9.0EPSS: 4%CPEs: 142EXPL: 0CVE-2011-1344 – WebKit WBR Tag Removal Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2011-1344
10 Mar 2011 — Use-after-free vulnerability in WebKit, as used in Apple Safari before 5.0.5; iOS before 4.3.2 for iPhone, iPod, and iPad; iOS before 4.2.7 for iPhone 4 (CDMA); and possibly other products allows remote attackers to execute arbitrary code by adding children to a WBR tag and then removing the tag, related to text nodes, as demonstrated by Chaouki Bekrar during a Pwn2Own competition at CanSecWest 2011. Vulnerabilidad sin especificar en WebKit. Tal como se utiliza en Apple Safari 5.0.4 en Mac OS X 10.6.6, perm... • http://dvlabs.tippingpoint.com/blog/2011/02/02/pwn2own-2011 • CWE-399: Resource Management Errors •
CVSS: 6.5EPSS: 2%CPEs: 4EXPL: 3CVE-2010-1226 – iPhone Springboard - Malformed Character Crash (PoC)
https://notcve.org/view.php?id=CVE-2010-1226
01 Apr 2010 — The HTTP client functionality in Apple iPhone OS 3.1 on the iPhone 2G and 3.1.3 on the iPhone 3GS allows remote attackers to cause a denial of service (Safari, Mail, or Springboard crash) via a crafted innerHTML property of a DIV element, related to a "malformed character" issue. La funcionalidad de cliente HTTP en Apple iPhone OS 3.1 en el iPhone 2G y 3.1.3 en el iPhone 3GS permite a atacantes remotos provocar una denegación de servicio (caída de Safari, Mail o Springboard) mediante un innerHTML manipulado... • https://www.exploit-db.com/exploits/11769 • CWE-20: Improper Input Validation •
CVSS: 4.6EPSS: 0%CPEs: 1EXPL: 0CVE-2008-4593
https://notcve.org/view.php?id=CVE-2008-4593
17 Oct 2008 — Apple iPhone 2.1 with firmware 5F136, when Require Passcode is enabled and Show SMS Preview is disabled, allows physically proximate attackers to obtain sensitive information by performing an Emergency Call tap and then reading SMS messages on the device screen, aka Apple bug number 6267416. Apple iPhone v2.1 con el firmware 5F136, cuando está habilitado "requerir clave de acceso" y "ver vista previa de los SMS" está deshabilitado, permite a atacantes fisicamente próximos obtener información sensible realiz... • http://securitytracker.com/id?1021021 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 6.5EPSS: 4%CPEs: 5EXPL: 1CVE-2008-3950 – Apple iOS 1.1.4/2.0 / iPod 1.1.4/2.0 touch Safari WebKit - 'alert()' Remote Denial of Service
https://notcve.org/view.php?id=CVE-2008-3950
16 Sep 2008 — Off-by-one error in the _web_drawInRect:withFont:ellipsis:alignment:measureOnly function in WebKit in Safari in Apple iPhone 1.1.4 and 2.0 and iPod touch 1.1.4 and 2.0 allows remote attackers to cause a denial of service (browser crash) via a JavaScript alert call with an argument that lacks breakable characters and has a length that is a multiple of the memory page size, leading to an out-of-bounds read. Error de superación de límite en la función _web_drawInRect:withFont:ellipsis:alignment:measureOnly en ... • https://www.exploit-db.com/exploits/32341 • CWE-189: Numeric Errors •
CVSS: 9.3EPSS: 13%CPEs: 16EXPL: 0CVE-2008-3632
https://notcve.org/view.php?id=CVE-2008-3632
10 Sep 2008 — Use-after-free vulnerability in WebKit in Apple iPod touch 1.1 through 2.0.2, and iPhone 1.0 through 2.0.2, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a web page with crafted Cascading Style Sheets (CSS) import statements. Una vulnerabilidad de uso de memoria previamente liberada en WebKit en iPod touch versiones 1.1 hasta 2.0.2 y iPhone versiones 1.0 hasta 2.0.2, de Apple, permite a los atacantes remotos ejecutar código arbitrario o causar una den... • http://lists.apple.com/archives/security-announce//2008/Sep/msg00003.html • CWE-399: Resource Management Errors •
CVSS: 4.6EPSS: 0%CPEs: 1EXPL: 1CVE-2008-3876
https://notcve.org/view.php?id=CVE-2008-3876
02 Sep 2008 — Apple iPhone 2.0.2, in some configurations, allows physically proximate attackers to bypass intended access restrictions, and obtain sensitive information or make arbitrary use of the device, via an Emergency Call tap and a Home double-tap, followed by a tap of any contact's blue arrow. Apple iPhone 2.0.2, en algunas configuraciones, permite a atacantes físicamente próximos, evitar las restricciones de acceso pretendidas y obtener información sensible o utilizar el dispositivo como quieran, accediendo a la ... • http://forums.macrumors.com/showpost.php?p=6121914&postcount=118 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 6.5EPSS: 0%CPEs: 14EXPL: 0CVE-2008-1589
https://notcve.org/view.php?id=CVE-2008-1589
14 Jul 2008 — Safari on Apple iPhone before 2.0 and iPod touch before 2.0 misinterprets a menu button press as user confirmation for visiting a web site with a (1) self-signed or (2) invalid certificate, which makes it easier for remote attackers to spoof web sites. Safari en Apple iPhone anterior a 2.0 e iPod touch anterior a 2.0 no interpreta correctamente que se pulse en un botón del menú como la confirmación de un usuario al visitar un sitio Web con un certificado (1)autofirmado o (2) no válido; esto facilita a ataca... • http://jvn.jp/en/jp/JVN88676089/index.html • CWE-20: Improper Input Validation •
CVSS: 9.8EPSS: 1%CPEs: 14EXPL: 0CVE-2008-1590
https://notcve.org/view.php?id=CVE-2008-1590
14 Jul 2008 — JavaScriptCore in WebKit on Apple iPhone before 2.0 and iPod touch before 2.0 does not properly perform runtime garbage collection, which allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via unspecified vectors that trigger memory corruption, a different vulnerability than CVE-2008-2317. JavaScriptCore en WebKit de Apple iPhone anterior a 2.0 e iPod touch anterior a 2.0, no realiza correctamente la recolección de basura en tiempo de ejecución, esto permite a... • http://lists.apple.com/archives/security-announce/2008//Jul/msg00001.html • CWE-399: Resource Management Errors •
CVSS: 10.0EPSS: 20%CPEs: 14EXPL: 1CVE-2008-2303 – Apple iPhone / Apple iPod Touch < 2.0 - Multiple Remote Vulnerabilities
https://notcve.org/view.php?id=CVE-2008-2303
14 Jul 2008 — Integer signedness error in Safari on Apple iPhone before 2.0 and iPod touch before 2.0 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors involving JavaScript array indices that trigger an out-of-bounds access, a different vulnerability than CVE-2008-2307. Error de presencia de signo en entero en Safari de Apple iPhone anterior a 2.0 e iPod touch anterior a 2.0 , permite a atacantes remotos ejecutar código de su elección o provocar una denegación ... • https://www.exploit-db.com/exploits/32048 • CWE-189: Numeric Errors •